Double nat problem on dhcp interface router


#1

Hey,
I’ve been wasting the last 2 days trying to figure out the following problem:
I’m using GNS3 with a NAT-cloud to give my networks in this lab environment access to the internet (see attachment).
Server1, Client1 and the Firefox browser all have access to the internet.
I can reach my webserver from client1 when using its local IPv4-address.
I can’t ping from server1/client1 to the DHCP port on the router (eth1); I get a reply back from the NAT-cloud (192.168.122.1) that it is unreachable.
I can’t ping the Firefox browser from client1/server1.

[code]set interfaces ethernet eth1 address dhcp
set interfaces ethernet eth2 address 192.168.1.254/24
set interfaces ethernet eth3 address 192.168.2.254/24
commit

set interfaces ethernet eth1 description to_Internet
set interfaces ethernet eth2 description to_Serverroom
set interfaces ethernet eth3 description to_Clients
commit

set service dhcp-server shared-network-name lan_clients subnet 192.168.2.0/24 start 192.168.2.100 stop 192.168.2.150
set service dhcp-server shared-network-name lan_clients subnet 192.168.2.0/24 default-router 192.168.2.254
set service dhcp-server shared-network-name lan_clients subnet 192.168.2.0/24 dns-server 192.168.2.254
commit

set nat source rule 10
set nat source rule 10 source address 192.168.2.0/24
set nat source rule 10 outbound-interface eth1
set nat source rule 10 translation address masquerade
commit
set nat source rule 20
set nat source rule 20 source address 192.168.1.0/24
set nat source rule 20 outbound-interface eth1
set nat source rule 20 translation address masquerade
commit

set service dns forwarding listen-on eth2
set service dns forwarding listen-on eth3
set service dns forwarding name-server 8.8.8.8
set service dns forwarding name-server 8.8.4.4
commit

set nat destination rule 10
set nat destination rule 10 inbound-interface eth1
set nat destination rule 10 destination port 80
set nat destination rule 10 protocol tcp
set nat destination rule 10 translation address 192.168.1.200
commit[/code]

I removed all firewall rules on the router to narrow down the problem.
The router has 3 connected routes and 1 static route (from the NAT-cloud) 0.0.0.0/0 via 192.168.122.1, eth1.
It seems like the router is using the static route for an address that is connected? So it passes the frames to the NAT-cloud, which for some reason has no idea about its own network?


#2

Update: I changed the NAT-cloud to a ‘normal’ cloud (bridged) and everything works. So the problem has something to do with the GNS3 NAT cloud.